yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 01:05:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'tls/development' into development

Browse Source 
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
This commit is contained in:
Jaeden Amero 2019-02-27 15:15:53 +00:00
commit a9d6ba2510
37 changed files with 3889 additions and 571 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ChangeLog
View File

@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx
Features
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
which allows copy-less parsing of DER encoded X.509 CRTs,
at the cost of additional lifetime constraints on the input
buffer, but at the benefit of reduced RAM consumption.
API Changes
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
See the Features section for more information.
Bugfix
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
@ -19,8 +29,12 @@ Bugfix
in X.509 module. Fixes #2212.
* Reduce stack usage of `mpi_write_hlp()` by eliminating recursion.
Fixes #2190.
* Fix false failure in all.sh when backup files exist in include/mbedtls
(e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407.
Changes
* Reduce RAM consumption during session renegotiation by not storing
the peer CRT chain and session ticket twice.
* Include configuration file in all header files that use configuration,
instead of relying on other header files that they include.
Inserted as an enhancement for #1371
@ -35,6 +49,10 @@ Changes
produced by some optimizing compilers, showing up as failures in
e.g. RSA or ECC signature operations. Reported in #1722, fix suggested
by Aurelien Jarno and submitted by Jeffrey Martin.
* Reduce the complexity of the timing tests. They were assuming more than the
underlying OS actually guarantees.
* Fix configuration queries in ssl-opt.h. #2030
* Ensure that ssl-opt.h can be run in OS X. #2029
= mbed TLS 2.16.0 branch released 2018-12-21

5
include/mbedtls/check_config.h
View File

@ -114,14 +114,15 @@
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
( defined(MBEDTLS_USE_PSA_CRYPTO) || \
defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
defined(MBEDTLS_ECDSA_SIGN_ALT) || \
defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
defined(MBEDTLS_ECP_INTERNAL_ALT) || \
defined(MBEDTLS_ECP_ALT) )
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)

125
include/mbedtls/psa_util.h
View File

@ -43,6 +43,8 @@
#include "pk.h"
#include "oid.h"
#include <string.h>
/* Translations for symmetric crypto. */
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
@ -233,6 +235,86 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
return( -1 );
}
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
{
switch( grpid )
@ -294,6 +376,7 @@ static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group
}
}
#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \
( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \
curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \
@ -352,6 +435,48 @@ static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
}
/* This function takes a buffer holding an EC public key
* exported through psa_export_public_key(), and converts
* it into an ECPoint structure to be put into a ClientKeyExchange
* message in an ECDHE exchange.
*
* Both the present and the foreseeable future format of EC public keys
* used by PSA have the ECPoint structure contained in the exported key
* as a subbuffer, and the function merely selects this subbuffer instead
* of making a copy.
*/
static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
size_t srclen,
unsigned char **dst,
size_t *dstlen )
{
*dst = src;
*dstlen = srclen;
return( 0 );
}
/* This function takes a buffer holding an ECPoint structure
* (as contained in a TLS ServerKeyExchange message for ECDHE
* exchanges) and converts it into a format that the PSA key
* agreement API understands.
*/
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve,
unsigned char const *src,
size_t srclen,
unsigned char *dst,
size_t dstlen,
size_t *olen )
{
((void) curve);
if( srclen > dstlen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
memcpy( dst, src, srclen );
*olen = srclen;
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PSA_UTIL_H */

15
include/mbedtls/ssl_internal.h
View File

@ -57,6 +57,11 @@
#include "ecjpake.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@ -280,7 +285,15 @@ struct mbedtls_ssl_handshake_params
#endif
#if defined(MBEDTLS_ECDH_C)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_ecc_curve_t ecdh_psa_curve;
psa_key_handle_t ecdh_psa_privkey;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_ECDH_C */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
#if defined(MBEDTLS_SSL_CLI_C)

58
include/mbedtls/x509_crt.h
View File

@ -52,6 +52,8 @@ extern "C" {
*/
typedef struct mbedtls_x509_crt
{
int own_buffer; /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
@ -220,16 +222,58 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
/**
* \brief Parse a single DER formatted certificate and add it
* to the chained list.
* to the end of the provided chained list.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate DER data
* \param buflen size of the buffer
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
* mbedtls_x509_crt_init().
* \param buf The buffer holding the DER encoded certificate.
* \param buflen The size in Bytes of \p buf.
*
* \return 0 if successful, or a specific X509 or PEM error code
* \note This function makes an internal copy of the CRT buffer
* \p buf. In particular, \p buf may be destroyed or reused
* after this call returns. To avoid duplicating the CRT
* buffer (at the cost of stricter lifetime constraints),
* use mbedtls_x509_crt_parse_der_nocopy() instead.
*
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
size_t buflen );
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
/**
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list. This is a
* variant of mbedtls_x509_crt_parse_der() which takes
* temporary ownership of the CRT buffer until the CRT
* is destroyed.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
* mbedtls_x509_crt_init().
* \param buf The address of the readable buffer holding the DER encoded
* certificate to use. On success, this buffer must be
* retained and not be changed for the liftetime of the
* CRT chain \p chain, that is, until \p chain is destroyed
* through a call to mbedtls_x509_crt_free().
* \param buflen The size in Bytes of \p buf.
*
* \note This call is functionally equivalent to
* mbedtls_x509_crt_parse_der(), but it avoids creating a
* copy of the input buffer at the cost of stronger lifetime
* constraints. This is useful in constrained environments
* where duplication of the CRT cannot be tolerated.
*
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
/**
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded

297
library/ssl_cli.c
View File

@ -39,6 +39,10 @@
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
#include <stdint.h>
@ -2109,6 +2113,64 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
unsigned char **p,
unsigned char *end )
{
uint16_t tls_id;
uint8_t ecpoint_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/*
* Parse ECC group
*/
if( end - *p < 4 )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
/* First byte is curve_type; only named_curve is handled */
if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
/* Next two bytes are the namedcurve value */
tls_id = *(*p)++;
tls_id <<= 8;
tls_id |= *(*p)++;
/* Convert EC group to PSA key type. */
if( ( handshake->ecdh_psa_curve =
mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
/*
* Put peer's ECDH public key in the format understood by PSA.
*/
ecpoint_len = *(*p)++;
if( (size_t)( end - *p ) < ecpoint_len )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve,
*p, ecpoint_len,
handshake->ecdh_psa_peerkey,
sizeof( handshake->ecdh_psa_peerkey ),
&handshake->ecdh_psa_peerkey_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
*p += ecpoint_len;
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@ -2510,6 +2572,24 @@ start_processing:
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
{
if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@ -2938,7 +3018,9 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
{
int ret;
size_t i, n;
size_t header_len;
size_t content_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->transform_negotiate->ciphersuite_info;
@ -2950,16 +3032,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
/*
* DHM key exchange -- send G^X mod P
*/
n = ssl->handshake->dhm_ctx.len;
content_len = ssl->handshake->dhm_ctx.len;
ssl->out_msg[4] = (unsigned char)( n >> 8 );
ssl->out_msg[5] = (unsigned char)( n );
i = 6;
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
ssl->out_msg[5] = (unsigned char)( content_len );
header_len = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
&ssl->out_msg[i], n,
ssl->conf->f_rng, ssl->conf->p_rng );
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
&ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@ -2970,10 +3052,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
ssl->handshake->premaster,
MBEDTLS_PREMASTER_SIZE,
&ssl->handshake->pmslen,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
ssl->handshake->premaster,
MBEDTLS_PREMASTER_SIZE,
&ssl->handshake->pmslen,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
@ -2983,6 +3065,119 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
{
psa_status_t status;
psa_key_policy_t policy;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t own_pubkey_len;
unsigned char *own_pubkey_ecpoint;
size_t own_pubkey_ecpoint_len;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
header_len = 4;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
/*
* Generate EC private key for ECDHE exchange.
*/
/* Allocate a new key slot for the private key. */
status = psa_allocate_key( &handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
/* The master secret is obtained from the shared ECDH secret by
* applying the TLS 1.2 PRF with a specific salt and label. While
* the PSA Crypto API encourages combining key agreement schemes
* such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
* yet support the provisioning of salt + label to the KDF.
* For the time being, we therefore need to split the computation
* of the ECDH secret and the application of the TLS 1.2 PRF. */
policy = psa_key_policy_init();
psa_key_policy_set_usage( &policy,
PSA_KEY_USAGE_DERIVE,
PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
status = psa_set_key_policy( handshake->ecdh_psa_privkey, &policy );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
/* Generate ECDH private key. */
status = psa_generate_key( handshake->ecdh_psa_privkey,
PSA_KEY_TYPE_ECC_KEYPAIR( handshake->ecdh_psa_curve ),
MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( handshake->ecdh_psa_curve ),
NULL, 0 );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
/* Export the public part of the ECDH private key from PSA
* and convert it to ECPoint format used in ClientKeyExchange. */
status = psa_export_public_key( handshake->ecdh_psa_privkey,
own_pubkey, sizeof( own_pubkey ),
&own_pubkey_len );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
own_pubkey_len,
&own_pubkey_ecpoint,
&own_pubkey_ecpoint_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
/* Copy ECPoint structure to outgoing message buffer. */
ssl->out_msg[header_len] = own_pubkey_ecpoint_len;
memcpy( ssl->out_msg + header_len + 1,
own_pubkey_ecpoint, own_pubkey_ecpoint_len );
content_len = own_pubkey_ecpoint_len + 1;
/* Compute ECDH shared secret. */
status = psa_key_agreement( &generator,
handshake->ecdh_psa_privkey,
handshake->ecdh_psa_peerkey,
handshake->ecdh_psa_peerkey_len,
PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
/* The ECDH secret is the premaster secret used for key derivation. */
ssl->handshake->pmslen =
MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve );
status = psa_generator_read( &generator,
ssl->handshake->premaster,
ssl->handshake->pmslen );
if( status != PSA_SUCCESS )
{
psa_generator_abort( &generator );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_generator_abort( &generator );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
status = psa_destroy_key( handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
handshake->ecdh_psa_privkey = 0;
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@ -2995,7 +3190,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
/*
* ECDH key exchange -- send client public value
*/
i = 4;
header_len = 4;
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ssl->handshake->ecrs_enabled )
@ -3008,8 +3203,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
#endif
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
&n,
&ssl->out_msg[i], 1000,
&content_len,
&ssl->out_msg[header_len], 1000,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@ -3027,19 +3222,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ssl->handshake->ecrs_enabled )
{
ssl->handshake->ecrs_n = n;
ssl->handshake->ecrs_n = content_len;
ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
}
ecdh_calc_secret:
if( ssl->handshake->ecrs_enabled )
n = ssl->handshake->ecrs_n;
content_len = ssl->handshake->ecrs_n;
#endif
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
&ssl->handshake->pmslen,
ssl->handshake->premaster,
MBEDTLS_MPI_MAX_SIZE,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
&ssl->handshake->pmslen,
ssl->handshake->premaster,
MBEDTLS_MPI_MAX_SIZE,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@ -3071,26 +3266,28 @@ ecdh_calc_secret:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
i = 4;
n = ssl->conf->psk_identity_len;
header_len = 4;
content_len = ssl->conf->psk_identity_len;
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
"SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n );
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
ssl->out_msg[header_len++] = (unsigned char)( content_len );
memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
i += ssl->conf->psk_identity_len;
memcpy( ssl->out_msg + header_len,
ssl->conf->psk_identity,
ssl->conf->psk_identity_len );
header_len += ssl->conf->psk_identity_len;
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
{
n = 0;
content_len = 0;
}
else
#endif
@ -3103,7 +3300,8 @@ ecdh_calc_secret:
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
&content_len, 2 ) ) != 0 )
return( ret );
}
else
@ -3120,21 +3318,22 @@ ecdh_calc_secret:
/*
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
*/
n = ssl->handshake->dhm_ctx.len;
content_len = ssl->handshake->dhm_ctx.len;
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
if( header_len + 2 + content_len >
MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
" or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n );
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
ssl->out_msg[header_len++] = (unsigned char)( content_len );
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
&ssl->out_msg[i], n,
&ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@ -3156,8 +3355,10 @@ ecdh_calc_secret:
/*
* ClientECDiffieHellmanPublic public;
*/
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
&ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
&content_len,
&ssl->out_msg[header_len],
MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@ -3198,8 +3399,9 @@ ecdh_calc_secret:
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
{
i = 4;
if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
header_len = 4;
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
&content_len, 0 ) ) != 0 )
return( ret );
}
else
@ -3207,10 +3409,12 @@ ecdh_calc_secret:
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
i = 4;
header_len = 4;
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
ssl->out_msg + header_len,
MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
&content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@ -3235,7 +3439,7 @@ ecdh_calc_secret:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl->out_msglen = i + n;
ssl->out_msglen = header_len + content_len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
@ -3541,6 +3745,15 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
if( ticket_len == 0 )
return( 0 );
if( ssl->session != NULL && ssl->session->ticket != NULL )
{
mbedtls_platform_zeroize( ssl->session->ticket,
ssl->session->ticket_len );
mbedtls_free( ssl->session->ticket );
ssl->session->ticket = NULL;
ssl->session->ticket_len = 0;
}
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket );

186
library/ssl_tls.c
View File

@ -5724,6 +5724,23 @@ write_msg:
return( ret );
}
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
unsigned char *crt_buf,
size_t crt_buf_len )
{
mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
if( peer_crt == NULL )
return( -1 );
if( peer_crt->raw.len != crt_buf_len )
return( -1 );
return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
/*
* Once the certificate message is read, parse it into a cert chain and
* perform basic checks, but leave actual verification to the caller
@ -5814,43 +5831,40 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
/* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
i += 3;
/* In case we tried to reuse a session but it failed */
if( ssl->session_negotiate->peer_cert != NULL )
{
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
mbedtls_free( ssl->session_negotiate->peer_cert );
ssl->session_negotiate->peer_cert = NULL;
}
if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
sizeof( mbedtls_x509_crt ) ) ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
sizeof( mbedtls_x509_crt ) ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
i += 3;
/* Iterate through and parse the CRTs in the provided chain. */
while( i < ssl->in_hslen )
{
/* Check that there's room for the next CRT's length fields. */
if ( i + 3 > ssl->in_hslen ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
/* In theory, the CRT can be up to 2**24 Bytes, but we don't support
* anything beyond 2**16 ~ 64K. */
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
/* Read length of the next CRT in the chain. */
n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
| (unsigned int) ssl->in_msg[i + 2];
i += 3;
@ -5858,72 +5872,101 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
if( n < 128 || i + n > ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
/* Check if we're handling the first CRT in the chain. */
if( ssl->session_negotiate->peer_cert == NULL )
{
/* During client-side renegotiation, check that the server's
* end-CRTs hasn't changed compared to the initial handshake,
* mitigating the triple handshake attack. On success, reuse
* the original end-CRT instead of parsing it again. */
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
if( ssl_check_peer_crt_unchanged( ssl,
&ssl->in_msg[i],
n ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
/* Move CRT chain structure to new session instance. */
ssl->session_negotiate->peer_cert = ssl->session->peer_cert;
ssl->session->peer_cert = NULL;
/* Delete all remaining CRTs from the original CRT chain. */
mbedtls_x509_crt_free(
ssl->session_negotiate->peer_cert->next );
mbedtls_free( ssl->session_negotiate->peer_cert->next );
ssl->session_negotiate->peer_cert->next = NULL;
i += n;
continue;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
/* Outside of client-side renegotiation, create a fresh X.509 CRT
* instance to parse the end-CRT into. */
ssl->session_negotiate->peer_cert =
mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
if( ssl->session_negotiate->peer_cert == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
sizeof( mbedtls_x509_crt ) ) );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
/* Intentional fall through */
}
/* Parse the next certificate in the chain. */
ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
ssl->in_msg + i, n );
ssl->in_msg + i, n );
switch( ret )
{
case 0: /*ok*/
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
case 0: /*ok*/
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
case MBEDTLS_ERR_X509_ALLOC_FAILED:
alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
goto crt_parse_der_failed;
case MBEDTLS_ERR_X509_ALLOC_FAILED:
alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
goto crt_parse_der_failed;
case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
goto crt_parse_der_failed;
case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
goto crt_parse_der_failed;
default:
alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
crt_parse_der_failed:
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
return( ret );
default:
alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
crt_parse_der_failed:
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
return( ret );
}
i += n;
}
MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
/*
* On client, make sure the server cert doesn't change during renego to
* avoid "triple handshake" attack: https://secure-resumption.com/
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
{
if( ssl->session->peer_cert == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
if( ssl->session->peer_cert->raw.len !=
ssl->session_negotiate->peer_cert->raw.len ||
memcmp( ssl->session->peer_cert->raw.p,
ssl->session_negotiate->peer_cert->raw.p,
ssl->session->peer_cert->raw.len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
}
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
return( 0 );
}
@ -9367,6 +9410,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
ssl_buffering_free( ssl );
#endif
#if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key( handshake->ecdh_psa_privkey );
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize( handshake,
sizeof( mbedtls_ssl_handshake_params ) );
}

73
library/x509_crt.c
View File

@ -834,8 +834,10 @@ static int x509_get_crt_ext( unsigned char **p,
/*
* Parse and fill a single X.509 certificate in DER format
*/
static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
size_t buflen )
static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
const unsigned char *buf,
size_t buflen,
int make_copy )
{
int ret;
size_t len;
@ -852,7 +854,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
if( crt == NULL || buf == NULL )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
// Use the original buffer until we figure out actual length
/* Use the original buffer until we figure out actual length. */
p = (unsigned char*) buf;
len = buflen;
end = p + len;
@ -870,25 +872,26 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
}
if( len > (size_t) ( end - p ) )
{
mbedtls_x509_crt_free( crt );
return( MBEDTLS_ERR_X509_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
crt_end = p + len;
// Create and populate a new buffer for the raw field
crt->raw.len = crt_end - buf;
crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
if( p == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
memcpy( p, buf, crt->raw.len );
// Direct pointers to the new buffer
p += crt->raw.len - len;
end = crt_end = p + len;
crt->raw.len = crt_end - buf;
if( make_copy != 0 )
{
/* Create and populate a new buffer for the raw field. */
crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
if( crt->raw.p == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
memcpy( crt->raw.p, buf, crt->raw.len );
crt->own_buffer = 1;
p += crt->raw.len - len;
end = crt_end = p + len;
}
else
{
crt->raw.p = (unsigned char*) buf;
crt->own_buffer = 0;
}
/*
* TBSCertificate ::= SEQUENCE {
@ -1091,8 +1094,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
* Parse one X.509 certificate in DER format from a buffer and add them to a
* chained list
*/
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
size_t buflen )
static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy )
{
int ret;
mbedtls_x509_crt *crt = chain, *prev = NULL;
@ -1124,7 +1129,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
crt = crt->next;
}
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 )
{
if( prev )
prev->next = NULL;
@ -1138,11 +1143,27 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
return( 0 );
}
int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen )
{
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) );
}
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen )
{
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) );
}
/*
* Parse one or more PEM certificates from a buffer and add them to the chained
* list
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen )
{
#if defined(MBEDTLS_PEM_PARSE_C)
int success = 0, first_error = 0, total_failed = 0;
@ -2699,7 +2720,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
mbedtls_free( seq_prv );
}
if( cert_cur->raw.p != NULL )
if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
{
mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
mbedtls_free( cert_cur->raw.p );

1
programs/.gitignore vendored
View File

@ -53,6 +53,7 @@ test/cpp_dummy_build
test/ssl_cert_test
test/udp_proxy
test/zeroize
test/query_compile_time_config
util/pem2der
util/strerror
x509/cert_app

13
programs/Makefile
View File

@ -72,6 +72,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
test/query_compile_time_config$(EXEXT) \
util/pem2der$(EXEXT) util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
@ -234,17 +235,17 @@ ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP)
echo " CC ssl/ssl_client1.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c $(DEP)
ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c ssl/query_config.c $(DEP)
echo " CC ssl/ssl_client2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
echo " CC ssl/ssl_server.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(DEP)
ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c ssl/query_config.c $(DEP)
echo " CC ssl/ssl_server2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
echo " CC ssl/ssl_fork_server.c"
@ -286,6 +287,10 @@ test/zeroize$(EXEXT): test/zeroize.c $(DEP)
echo " CC test/zeroize.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c ssl/query_config.c $(DEP)
echo " CC test/query_compile_time_config.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

2
programs/ssl/CMakeLists.txt
View File

@ -34,12 +34,14 @@ add_executable(ssl_client1 ssl_client1.c)
target_link_libraries(ssl_client1 ${libs})
add_executable(ssl_client2 ssl_client2.c)
target_sources(ssl_client2 PUBLIC query_config.c)
target_link_libraries(ssl_client2 ${libs})
add_executable(ssl_server ssl_server.c)
target_link_libraries(ssl_server ${libs})
add_executable(ssl_server2 ssl_server2.c)
target_sources(ssl_server2 PUBLIC query_config.c)
target_link_libraries(ssl_server2 ${libs})
add_executable(ssl_fork_server ssl_fork_server.c)

2595
programs/ssl/query_config.c Normal file
View File

File diff suppressed because it is too large Load Diff

10
programs/ssl/ssl_client2.c
View File

@ -342,6 +342,10 @@ int main( void )
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
" acceptable ciphersuite names:\n"
#define ALPN_LIST_SIZE 10
@ -417,6 +421,8 @@ struct options
int etm; /* negotiate encrypt then mac? */
} opt;
int query_config( const char *config );
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
@ -1059,6 +1065,10 @@ int main( int argc, char *argv[] )
if( opt.dhmlen < 0 )
goto usage;
}
else if( strcmp( p, "query_config" ) == 0 )
{
return query_config( q );
}
else
goto usage;
}

10
programs/ssl/ssl_server2.c
View File

@ -446,6 +446,10 @@ int main( void )
" in order from ssl3 to tls1_2\n" \
" default: all enabled\n" \
" force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
" acceptable ciphersuite names:\n"
@ -543,6 +547,8 @@ struct options
int badmac_limit; /* Limit of records with bad MAC */
} opt;
int query_config( const char *config );
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
@ -1871,6 +1877,10 @@ int main( int argc, char *argv[] )
{
opt.sni = q;
}
else if( strcmp( p, "query_config" ) == 0 )
{
return query_config( q );
}
else
goto usage;
}

6
programs/test/CMakeLists.txt
View File

@ -30,6 +30,10 @@ target_link_libraries(udp_proxy ${libs})
add_executable(zeroize zeroize.c)
target_link_libraries(zeroize ${libs})
install(TARGETS selftest benchmark ssl_cert_test udp_proxy
add_executable(query_compile_time_config query_compile_time_config.c)
target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
target_link_libraries(query_compile_time_config ${libs})
install(TARGETS selftest benchmark ssl_cert_test udp_proxy query_compile_time_config
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

56
programs/test/query_compile_time_config.c Normal file
View File

@ -0,0 +1,56 @@
/*
* Query the Mbed TLS compile time configuration
*
* Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#define USAGE \
"usage: %s <MBEDTLS_CONFIG>\n\n" \
"This program takes one command line argument which corresponds to\n" \
"the string representation of a Mbed TLS compile time configuration.\n" \
"The value 0 will be returned if this configuration is defined in the\n" \
"Mbed TLS build and the macro expansion of that configuration will be\n" \
"printed (if any). Otherwise, 1 will be returned.\n"
int query_config( const char *config );
int main( int argc, char *argv[] )
{
if ( argc != 2 )
{
mbedtls_printf( USAGE, argv[0] );
return( MBEDTLS_EXIT_FAILURE );
}
return( query_config( argv[1] ) );
}

3
scripts/bump_version.sh
View File

@ -132,6 +132,9 @@ done
[ $VERBOSE ] && echo "Re-generating library/error.c"
scripts/generate_errors.pl
[ $VERBOSE ] && echo "Re-generating programs/ssl/query_config.c"
scripts/generate_query_config.pl
[ $VERBOSE ] && echo "Re-generating library/version_features.c"
scripts/generate_features.pl

139
scripts/data_files/query_config.fmt Normal file
View File

@ -0,0 +1,139 @@
/*
* Query Mbed TLS compile time configurations from config.h
*
* Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
/*
* Include all the headers with public APIs in case they define a macro to its
* default value when that configuration is not set in the config.h.
*/
#include "mbedtls/aes.h"
#include "mbedtls/aesni.h"
#include "mbedtls/arc4.h"
#include "mbedtls/aria.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/base64.h"
#include "mbedtls/bignum.h"
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
#include "mbedtls/cmac.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/debug.h"
#include "mbedtls/des.h"
#include "mbedtls/dhm.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/ecjpake.h"
#include "mbedtls/ecp.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/error.h"
#include "mbedtls/gcm.h"
#include "mbedtls/havege.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/md2.h"
#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/memory_buffer_alloc.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/nist_kw.h"
#include "mbedtls/oid.h"
#include "mbedtls/padlock.h"
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
#include "mbedtls/pkcs11.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/platform_time.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/poly1305.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/rsa.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_cache.h"
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl_cookie.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/threading.h"
#include "mbedtls/timing.h"
#include "mbedtls/version.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/xtea.h"
#include <string.h>
/*
* Helper macros to convert a macro or its expansion into a string
* WARNING: This does not work for expanding function-like macros. However,
* Mbed TLS does not currently have configuration options used in this fashion.
*/
#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro)
#define MACRO_NAME_TO_STR(macro) \
mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
#if defined(_MSC_VER)
/*
* Visual Studio throws the warning 4003 because many Mbed TLS feature macros
* are defined empty. This means that from the preprocessor's point of view
* the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
* some macros expand to nothing. We suppress that specific warning to get a
* clean build and to ensure that tests treating warnings as errors do not
* fail.
*/
#pragma warning(push)
#pragma warning(disable:4003)
#endif /* _MSC_VER */
int query_config( const char *config )
{
CHECK_CONFIG /* If the symbol is not found, return an error */
return( 1 );
}
#if defined(_MSC_VER)
#pragma warning(pop)
#endif /* _MSC_VER */

3
scripts/data_files/vs2010-app-template.vcxproj
View File

@ -18,8 +18,7 @@
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\<PATHNAME>.c" />
<ItemGroup> <SOURCES>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">

75
scripts/generate_query_config.pl Executable file
View File

@ -0,0 +1,75 @@
#! /usr/bin/env perl
# Generate query_config.c
#
# The file query_config.c contains a C function that can be used to check if
# a configuration macro is defined and to retrieve its expansion in string
# form (if any). This facilitates querying the compile time configuration of
# the library, for example, for testing.
#
# The query_config.c is generated from the current configuration at
# include/mbedtls/config.h. The idea is that the config.h contains ALL the
# compile time configurations available in Mbed TLS (commented or uncommented).
# This script extracts the configuration macros from the config.h and this
# information is used to automatically generate the body of the query_config()
# function by using the template in scripts/data_files/query_config.fmt.
#
# Usage: ./scripts/generate_query_config.pl without arguments
use strict;
my $config_file = "./include/mbedtls/config.h";
my $query_config_format_file = "./scripts/data_files/query_config.fmt";
my $query_config_file = "./programs/ssl/query_config.c";
# Excluded macros from the generated query_config.c. For example, macros that
# have commas or function-like macros cannot be transformed into strings easily
# using the preprocessor, so they should be excluded or the preprocessor will
# throw errors.
my @excluded = qw(
MBEDTLS_SSL_CIPHERSUITES
MBEDTLS_PARAM_FAILED
);
my $excluded_re = join '|', @excluded;
open(CONFIG_FILE, "$config_file") or die "Opening config file '$config_file': $!";
# This variable will contain the string to replace in the CHECK_CONFIG of the
# format file
my $config_check = "";
while (my $line = <CONFIG_FILE>) {
if ($line =~ /^(\/\/)?\s*#\s*define\s+(MBEDTLS_\w+).*/) {
my $name = $2;
# Skip over the macro that prevents multiple inclusion
next if "MBEDTLS_CONFIG_H" eq $name;
# Skip over the macro if it is in the ecluded list
next if $name =~ /$excluded_re/;
$config_check .= "#if defined($name)\n";
$config_check .= " if( strcmp( \"$name\", config ) == 0 )\n";
$config_check .= " {\n";
$config_check .= " MACRO_EXPANSION_TO_STR( $name );\n";
$config_check .= " return( 0 );\n";
$config_check .= " }\n";
$config_check .= "#endif /* $name */\n";
$config_check .= "\n";
}
}
# Read the full format file into a string
local $/;
open(FORMAT_FILE, "$query_config_format_file") or die "Opening query config format file '$query_config_format_file': $!";
my $query_config_format = <FORMAT_FILE>;
close(FORMAT_FILE);
# Replace the body of the query_config() function with the code we just wrote
$query_config_format =~ s/CHECK_CONFIG/$config_check/g;
# Rewrite the query_config.c file
open(QUERY_CONFIG_FILE, ">$query_config_file") or die "Opening destination file '$query_config_file': $!";
print QUERY_CONFIG_FILE $query_config_format;
close(QUERY_CONFIG_FILE);

8
scripts/generate_visualc_files.pl
View File

@ -95,8 +95,14 @@ sub gen_app {
$path =~ s!/!\\!g;
(my $appname = $path) =~ s/.*\\//;
my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
$appname eq "query_compile_time_config" ) {
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\ssl\\query_config.c\" \/>\r";
}
my $content = $template;
$content =~ s/<PATHNAME>/$path/g;
$content =~ s/<SOURCES>/$srcs/g;
$content =~ s/<APPNAME>/$appname/g;
$content =~ s/<GUID>/$guid/g;

8
tests/data_files/Makefile
View File

@ -45,7 +45,9 @@ all_intermediate += test-ca.req.sha256
test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
all_final += test-ca.crt
test-ca.der: test-ca.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += test-ca.crt test-ca.der
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
@ -873,7 +875,9 @@ server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt
server2.crt: server2.req.sha256
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
all_final += server2.crt
server2.der: server2.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2.crt server2.der
server2-sha256.crt: server2.req.sha256
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@

BIN
tests/data_files/server1.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/server2.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test-ca.der Normal file
View File

Binary file not shown.

3
tests/scripts/all.sh
View File

@ -298,7 +298,7 @@ check_tools()
}
check_headers_in_cpp () {
ls include/mbedtls >headers.txt
ls include/mbedtls | grep "\.h$" >headers.txt
<programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' |
sort |
diff headers.txt -
@ -785,6 +785,7 @@ component_test_use_psa_crypto_full_cmake_asan() {
msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA
scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .

1
tests/scripts/check-generated-files.sh
View File

@ -65,5 +65,6 @@ check()
}
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/ssl/query_config.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_visualc_files.pl visualc/VS2010

73
tests/ssl-opt.sh
View File

@ -165,22 +165,34 @@ requires_config_disabled() {
}
get_config_value_or_default() {
NAME="$1"
DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h |
sed 's/^.* \([0-9]*\)$/\1/' )
../scripts/config.pl get $NAME || echo "$DEF_VAL"
# This function uses the query_config command line option to query the
# required Mbed TLS compile time configuration from the ssl_server2
# program. The command will always return a success value if the
# configuration is defined and the value will be printed to stdout.
#
# Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string.
${P_SRV} "query_config=${1}"
}
requires_config_value_at_least() {
VAL=$( get_config_value_or_default "$1" )
if [ "$VAL" -lt "$2" ]; then
VAL="$( get_config_value_or_default "$1" )"
if [ -z "$VAL" ]; then
# Should never happen
echo "Mbed TLS configuration $1 is not defined"
exit 1
elif [ "$VAL" -lt "$2" ]; then
SKIP_NEXT="YES"
fi
}
requires_config_value_at_most() {
VAL=$( get_config_value_or_default "$1" )
if [ "$VAL" -gt "$2" ]; then
if [ -z "$VAL" ]; then
# Should never happen
echo "Mbed TLS configuration $1 is not defined"
exit 1
elif [ "$VAL" -gt "$2" ]; then
SKIP_NEXT="YES"
fi
}
@ -769,6 +781,30 @@ run_test_psa() {
-C "Failed to setup PSA-based cipher context"\
-S "Failed to setup PSA-based cipher context"\
-s "Protocol is TLSv1.2" \
-c "Perform PSA-based ECDH computation."\
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
-S "error" \
-C "error"
}
run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls1_2" \
"$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
-c "PSA calc verify" \
-c "calc PSA finished" \
-s "Successfully setup PSA-based decryption cipher context" \
-s "Successfully setup PSA-based encryption cipher context" \
-s "PSA calc verify" \
-s "calc PSA finished" \
-C "Failed to setup PSA-based cipher context"\
-S "Failed to setup PSA-based cipher context"\
-s "Protocol is TLSv1.2" \
-c "Perform PSA-based ECDH computation."\
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
-S "error" \
-C "error"
@ -932,6 +968,29 @@ run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
run_test_psa_force_curve "secp521r1"
requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
run_test_psa_force_curve "brainpoolP512r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
run_test_psa_force_curve "secp384r1"
requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
run_test_psa_force_curve "brainpoolP384r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test_psa_force_curve "secp256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
run_test_psa_force_curve "secp256k1"
requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
run_test_psa_force_curve "brainpoolP256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
run_test_psa_force_curve "secp224r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
run_test_psa_force_curve "secp224k1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
run_test_psa_force_curve "secp192r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
run_test_psa_force_curve "secp192k1"
# Test current time in ServerHello
requires_config_enabled MBEDTLS_HAVE_TIME
run_test "ServerHello contains gmt_unix_time" \

2
tests/suites/test_suite_ecp.function
View File

@ -43,7 +43,9 @@ void ecp_invalid_param( )
unsigned char buf[42] = { 0 };
const unsigned char *null_buf = NULL;
mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx restart_ctx;
#endif /* MBEDTLS_ECP_RESTARTABLE */
TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );

54
tests/suites/test_suite_timing.data
View File

@ -1,41 +1,17 @@
Timing: basic timer operation
timing_timer_simple:
Timing: timer reset
timing_timer_reset:
Timing: two parallel timers, delay 0
timing_two_timers:0:
Timing: two parallel timers, delay 100
timing_two_timers:100:
Timing: two parallel timers, delay 1000
timing_two_timers:1000:
Timing: two parallel timers, delay 10000
timing_two_timers:10000:
Timing: delay 0ms, 0ms
timing_delay:0:0:
Timing: delay 0ms, 50ms
timing_delay:0:50:
Timing: delay 50ms, 50ms
timing_delay:50:50:
Timing: delay 50ms, 100ms
timing_delay:50:100:
Timing: delay 50ms, 200ms
timing_delay:50:200:
Timing: alarm in 0 second
timing_alarm:0:
Timing: alarm in 1 second
timing_alarm:1:
Timing: hardclock
timing_hardclock:
Timing: get timer
timing_get_timer:
Timing: set alarm with no delay
timing_set_alarm:0:
Timing: set alarm with 1s delay
timing_set_alarm:1:
Timing: delay 0ms
timing_delay:0:
Timing: delay 100ms
timing_delay:100:

403
tests/suites/test_suite_timing.function
View File

@ -1,51 +1,14 @@
/* BEGIN_HEADER */
/* This test module exercises the timing module. One of the expected failure
modes is for timers to never expire, which could lead to an infinite loop.
The function timing_timer_simple is protected against this failure mode and
checks that timers do expire. Other functions will terminate if their
timers do expire. Therefore it is recommended to run timing_timer_simple
first and run other test functions only if that timing_timer_simple
succeeded. */
/* This test module exercises the timing module. Since, depending on the
* underlying operating system, the timing routines are not always reliable,
* this suite only performs very basic sanity checks of the timing API.
*/
#include <limits.h>
#include "mbedtls/timing.h"
/* Wait this many milliseconds for a short timing test. This duration
should be large enough that, in practice, if you read the timer
value twice in a row, it won't have jumped by that much. */
#define TIMING_SHORT_TEST_MS 100
/* A loop that waits TIMING_SHORT_TEST_MS must not take more than this many
iterations. This value needs to be large enough to accommodate fast
platforms (e.g. at 4GHz and 10 cycles/iteration a CPU can run through 20
million iterations in 50ms). The only motivation to keep this value low is
to avoid having an infinite loop if the timer functions are not implemented
correctly. Ideally this value should be based on the processor speed but we
don't have this information! */
#define TIMING_SHORT_TEST_ITERATIONS_MAX 1e8
/* alarm(0) must fire in no longer than this amount of time. */
#define TIMING_ALARM_0_DELAY_MS TIMING_SHORT_TEST_MS
static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms,
unsigned long actual_ms )
{
return( fin_ms == 0 ? -1 :
actual_ms >= fin_ms ? 2 :
actual_ms >= int_ms ? 1 :
0 );
}
/* Some conditions in timing_timer_simple suggest that timers are unreliable.
Most other test cases rely on timers to terminate, and could loop
indefinitely if timers are too broken. So if timing_timer_simple detected a
timer that risks not terminating (going backwards, or not reaching the
desired count in the alloted clock cycles), set this flag to immediately
fail those other tests without running any timers. */
static int timers_are_badly_broken = 0;
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -54,350 +17,58 @@ static int timers_are_badly_broken = 0;
*/
/* BEGIN_CASE */
void timing_timer_simple( )
void timing_hardclock( )
{
struct mbedtls_timing_hr_time timer;
unsigned long millis = 0;
unsigned long new_millis = 0;
unsigned long iterations = 0;
/* Start the timer. */
(void) mbedtls_timing_get_timer( &timer, 1 );
/* Busy-wait loop for a few milliseconds. */
do
{
new_millis = mbedtls_timing_get_timer( &timer, 0 );
++iterations;
/* Check that the timer didn't go backwards */
TEST_ASSERT( new_millis >= millis );
millis = new_millis;
}
while( millis < TIMING_SHORT_TEST_MS &&
iterations <= TIMING_SHORT_TEST_ITERATIONS_MAX );
/* The wait duration should have been large enough for at least a
few runs through the loop, even on the slowest realistic platform. */
TEST_ASSERT( iterations >= 2 );
/* The wait duration shouldn't have overflowed the iteration count. */
TEST_ASSERT( iterations < TIMING_SHORT_TEST_ITERATIONS_MAX );
return;
exit:
if( iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX ||
new_millis < millis )
{
/* The timer was very unreliable: it didn't increment and the loop ran
out, or it went backwards. Other tests that use timers might go
into an infinite loop, so we'll skip them. */
timers_are_badly_broken = 1;
}
/* No cleanup needed, but show some diagnostic iterations, because timing
problems can be hard to reproduce. */
mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n",
millis, new_millis, mbedtls_timing_get_timer( &timer, 0 ),
iterations );
(void) mbedtls_timing_hardclock();
/* This goto is added to avoid warnings from the generated code. */
goto exit;
}
/* END_CASE */
/* BEGIN_CASE */
void timing_timer_reset( )
void timing_get_timer( )
{
struct mbedtls_timing_hr_time timer;
unsigned long millis = 0;
unsigned long iterations = 0;
/* Skip this test if it looks like timers don't work at all, to avoid an
infinite loop below. */
TEST_ASSERT( !timers_are_badly_broken );
/* Start the timer. Timers are always reset to 0. */
TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 );
/* Busy-wait loop for a few milliseconds */
do
{
++iterations;
millis = mbedtls_timing_get_timer( &timer, 0 );
}
while( millis < TIMING_SHORT_TEST_MS );
/* Reset the timer and check that it has restarted. */
TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 );
/* Read the timer immediately after reset. It should be 0 or close
to it. */
TEST_ASSERT( mbedtls_timing_get_timer( &timer, 0 ) < TIMING_SHORT_TEST_MS );
return;
exit:
/* No cleanup needed, but show some diagnostic information, because timing
problems can be hard to reproduce. */
if( !timers_are_badly_broken )
mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n",
millis, mbedtls_timing_get_timer( &timer, 0 ),
iterations );
struct mbedtls_timing_hr_time time;
(void) mbedtls_timing_get_timer( &time, 1 );
(void) mbedtls_timing_get_timer( &time, 0 );
/* This goto is added to avoid warnings from the generated code. */
goto exit;
}
/* END_CASE */
/* BEGIN_CASE */
void timing_two_timers( int delta )
void timing_set_alarm( int seconds )
{
struct mbedtls_timing_hr_time timer1, timer2;
unsigned long millis1 = 0, millis2 = 0;
/* Skip this test if it looks like timers don't work at all, to avoid an
infinite loop below. */
TEST_ASSERT( !timers_are_badly_broken );
/* Start the first timer and wait for a short time. */
(void) mbedtls_timing_get_timer( &timer1, 1 );
do
if( seconds == 0 )
{
millis1 = mbedtls_timing_get_timer( &timer1, 0 );
}
while( millis1 < TIMING_SHORT_TEST_MS );
/* Do a short busy-wait, so that the difference between timer1 and timer2
doesn't practically always end up being very close to a whole number of
milliseconds. */
while( delta > 0 )
--delta;
/* Start the second timer and compare it with the first. */
mbedtls_timing_get_timer( &timer2, 1 );
do
{
millis1 = mbedtls_timing_get_timer( &timer1, 0 );
millis2 = mbedtls_timing_get_timer( &timer2, 0 );
/* The first timer should always be ahead of the first. */
TEST_ASSERT( millis1 > millis2 );
/* The timers shouldn't drift apart, i.e. millis2-millis1 should stay
roughly constant, but this is hard to test reliably, especially in
a busy environment such as an overloaded continuous integration
system, so we don't test it it. */
}
while( millis2 < TIMING_SHORT_TEST_MS );
return;
exit:
/* No cleanup needed, but show some diagnostic iterations, because timing
problems can be hard to reproduce. */
if( !timers_are_badly_broken )
mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n",
millis1, mbedtls_timing_get_timer( &timer1, 0 ),
millis2, mbedtls_timing_get_timer( &timer2, 0 ) );
}
/* END_CASE */
/* BEGIN_CASE */
void timing_alarm( int seconds )
{
struct mbedtls_timing_hr_time timer;
unsigned long millis = 0;
/* We check that about the desired number of seconds has elapsed. Be
slightly liberal with the lower bound, so as to allow platforms where
the alarm (with second resolution) and the timer (with millisecond
resolution) are based on different clocks. Be very liberal with the
upper bound, because the platform might be busy. */
unsigned long millis_min = ( seconds > 0 ?
seconds * 900 :
0 );
unsigned long millis_max = ( seconds > 0 ?
seconds * 1100 + 400 :
TIMING_ALARM_0_DELAY_MS );
unsigned long iterations = 0;
/* Skip this test if it looks like timers don't work at all, to avoid an
infinite loop below. */
TEST_ASSERT( !timers_are_badly_broken );
/* Set an alarm and count how long it takes with a timer. */
(void) mbedtls_timing_get_timer( &timer, 1 );
mbedtls_set_alarm( seconds );
if( seconds > 0 )
{
/* We set the alarm for at least 1 second. It should not have fired
immediately, even on a slow and busy platform. */
TEST_ASSERT( !mbedtls_timing_alarmed );
}
/* A 0-second alarm should fire quickly, but we don't guarantee that it
fires immediately, so mbedtls_timing_alarmed may or may not be set at
this point. */
/* Busy-wait until the alarm rings */
do
{
++iterations;
millis = mbedtls_timing_get_timer( &timer, 0 );
}
while( !mbedtls_timing_alarmed && millis <= millis_max );
TEST_ASSERT( mbedtls_timing_alarmed );
TEST_ASSERT( millis >= millis_min );
TEST_ASSERT( millis <= millis_max );
mbedtls_timing_alarmed = 0;
return;
exit:
/* Show some diagnostic iterations, because timing
problems can be hard to reproduce. */
if( !timers_are_badly_broken )
mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n",
mbedtls_timing_alarmed,
millis, mbedtls_timing_get_timer( &timer, 0 ),
iterations );
/* Cleanup */
mbedtls_timing_alarmed = 0;
}
/* END_CASE */
/* BEGIN_CASE */
void timing_delay( int int_ms, int fin_ms )
{
/* This function assumes that if int_ms is nonzero then it is large
enough that we have time to read all timers at least once in an
interval of time lasting int_ms milliseconds, and likewise for (fin_ms
- int_ms). So don't call it with arguments that are too small. */
mbedtls_timing_delay_context delay;
struct mbedtls_timing_hr_time timer;
unsigned long delta = 0; /* delay started between timer=0 and timer=delta */
unsigned long before = 0, after = 0;
unsigned long iterations = 0;
int status = -2;
int saw_status_1 = 0;
int warn_inconclusive = 0;
assert( int_ms >= 0 );
assert( fin_ms >= 0 );
/* Skip this test if it looks like timers don't work at all, to avoid an
infinite loop below. */
TEST_ASSERT( !timers_are_badly_broken );
/* Start a reference timer. Program a delay, and verify that the status of
the delay is consistent with the time given by the reference timer. */
(void) mbedtls_timing_get_timer( &timer, 1 );
mbedtls_timing_set_delay( &delay, int_ms, fin_ms );
/* Set delta to an upper bound for the interval between the start of timer
and the start of delay. Reading timer after starting delay gives us an
upper bound for the interval, rounded to a 1ms precision. Since this
might have been rounded down, but we need an upper bound, we add 1. */
delta = mbedtls_timing_get_timer( &timer, 0 ) + 1;
status = mbedtls_timing_get_delay( &delay );
if( fin_ms == 0 )
{
/* Cancelled timer. Just check the correct status for this case. */
TEST_ASSERT( status == -1 );
return;
}
/* Initially, none of the delays must be passed yet if they're nonzero.
This could fail for very small values of int_ms and fin_ms, where "very
small" depends how fast and how busy the platform is. */
if( int_ms > 0 )
{
TEST_ASSERT( status == 0 );
mbedtls_set_alarm( seconds );
TEST_ASSERT( mbedtls_timing_alarmed == 1 );
}
else
{
TEST_ASSERT( status == 1 );
mbedtls_set_alarm( seconds );
TEST_ASSERT( mbedtls_timing_alarmed == 0 ||
mbedtls_timing_alarmed == 1 );
}
do
{
unsigned long delay_min, delay_max;
int status_min, status_max;
++iterations;
before = mbedtls_timing_get_timer( &timer, 0 );
status = mbedtls_timing_get_delay( &delay );
after = mbedtls_timing_get_timer( &timer, 0 );
/* At a time between before and after, the delay's status was status.
Check that this is consistent given that the delay was started
between times 0 and delta. */
delay_min = ( before > delta ? before - delta : 0 );
status_min = expected_delay_status( int_ms, fin_ms, delay_min );
delay_max = after;
status_max = expected_delay_status( int_ms, fin_ms, delay_max );
TEST_ASSERT( status >= status_min );
TEST_ASSERT( status <= status_max );
if( status == 1 )
saw_status_1 = 1;
}
while ( before <= fin_ms + delta && status != 2 );
/* Since we've waited at least fin_ms, the delay must have fully
expired. */
TEST_ASSERT( status == 2 );
/* If the second delay is more than the first, then there must have been a
point in time when the first delay was passed but not the second delay.
This could fail for very small values of (fin_ms - int_ms), where "very
small" depends how fast and how busy the platform is. In practice, this
is the test that's most likely to fail on a heavily loaded machine. */
if( fin_ms > int_ms )
{
warn_inconclusive = 1;
TEST_ASSERT( saw_status_1 );
}
return;
exit:
/* No cleanup needed, but show some diagnostic iterations, because timing
problems can be hard to reproduce. */
if( !timers_are_badly_broken )
mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n",
delta, before, after, status, iterations );
if( warn_inconclusive )
mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" );
}
}
/* END_CASE */
/* BEGIN_CASE */
void timing_hardclock( )
void timing_delay( int fin_ms )
{
/* We make very few guarantees about mbedtls_timing_hardclock: its rate is
platform-dependent, it can wrap around. So there isn't much we can
test. But we do at least test that it doesn't crash, stall or return
completely nonsensical values. */
struct mbedtls_timing_hr_time timer;
unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1;
/* Skip this test if it looks like timers don't work at all, to avoid an
infinite loop below. */
TEST_ASSERT( !timers_are_badly_broken );
hardclock0 = mbedtls_timing_hardclock( );
/* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms
resolution and unspecified precision, waiting 1ms might be a very small
delay that's rounded up. */
(void) mbedtls_timing_get_timer( &timer, 1 );
while( mbedtls_timing_get_timer( &timer, 0 ) < 2 )
/*busy-wait loop*/;
hardclock1 = mbedtls_timing_hardclock( );
/* Although the hardclock counter can wrap around, the difference
(hardclock1 - hardclock0) is taken modulo the type size, so it is
correct as long as the counter only wrapped around at most once. We
further require the difference to be nonzero (after a wait of more than
1ms, the counter must have changed), and not to be overly large (after
a wait of less than 3ms, plus time lost because other processes were
scheduled on the CPU). If the hardclock counter runs at 4GHz, then
1000000000 (which is 1/4 of the counter wraparound on a 32-bit machine)
allows 250ms. */
delta1 = hardclock1 - hardclock0;
TEST_ASSERT( delta1 > 0 );
TEST_ASSERT( delta1 < 1000000000 );
return;
exit:
/* No cleanup needed, but show some diagnostic iterations, because timing
problems can be hard to reproduce. */
if( !timers_are_badly_broken )
mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n",
hardclock0, hardclock1 );
mbedtls_timing_delay_context ctx;
int result;
if( fin_ms == 0 )
{
mbedtls_timing_set_delay( &ctx, 0, 0 );
result = mbedtls_timing_get_delay( &ctx );
TEST_ASSERT( result == -1 );
}
else
{
mbedtls_timing_set_delay( &ctx, fin_ms / 2, fin_ms );
result = mbedtls_timing_get_delay( &ctx );
TEST_ASSERT( result >= 0 && result <= 2 );
}
}
/* END_CASE */

12
tests/suites/test_suite_x509parse.data
View File

@ -2,14 +2,26 @@ X509 Certificate information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 Certificate information #1 (DER)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/server1.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 Certificate information #2
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 Certificate information #2 (DER)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/server2.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 Certificate information #3
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 Certificate information #3 (DER)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/test-ca.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 Certificate information MD2 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"

16
tests/suites/test_suite_x509parse.function
View File

@ -513,8 +513,22 @@ void x509parse_crt( data_t * buf, char * result_str, int result )
mbedtls_x509_crt_init( &crt );
memset( output, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf->x, buf->len ) == ( result ) );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_init( &crt );
memset( output, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );

13
visualc/VS2010/mbedTLS.sln
View File

@ -223,6 +223,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj"
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@ -626,6 +631,14 @@ Global
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64
{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64

175
visualc/VS2010/query_compile_time_config.vcxproj Normal file
View File

@ -0,0 +1,175 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\test\query_compile_time_config.c" />
<ClCompile Include="..\..\programs\ssl\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
<LinkLibraryDependencies>true</LinkLibraryDependencies>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{D6F58AF2-9D80-562A-E2B0-F743281522B9}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>query_compile_time_config</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
<LinkLibraryDependencies>false</LinkLibraryDependencies>
</ProjectReference>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
<LinkLibraryDependencies>false</LinkLibraryDependencies>
</ProjectReference>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
<AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

1
visualc/VS2010/ssl_client2.vcxproj
View File

@ -20,6 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_client2.c" />
<ClCompile Include="..\..\programs\ssl\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">

1
visualc/VS2010/ssl_server2.vcxproj
View File

@ -20,6 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_server2.c" />
<ClCompile Include="..\..\programs\ssl\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">